“LIVE” PRODUCT DEMO:
HOW TO DETECT BRUTE FORCE ATTACKS AND APTS IN UNDER 1 HOUR W ITH ALIE NVAULT ™

Anthony Mack, Systems...
AGENDA
Todays Threat Landscape: Realities & Implications
Advanced Persistent Threat
• What is it and who is at risk?
Threa...
THREAT LANDSCAPE: OUR NEW REALITY
More and more organizations are finding
themselves in the crosshairs of various bad acto...
THREAT LANDSCAPE: ADVANCED PERSISTENT THREAT
APT operates by quietly planting malicious code
into an organization’s networ...
WHO IS AT RISK: ADVANCED PERSISTENT THREAT
Businesses holding a large quantity of personally identifiable information or i...
THE ALIENVAULT USM SOLUTION: NETWORK INTRUSION DETECTION
Network IDS is embedded in our platform, giving you the ability t...
THE ALIENVAULT USM SOLUTION: HOST INTRUSION DETECTION
Monitoring your mission critical servers
through host IDS agents all...
THE ALIENVAULT USM SOLUTION: IP REPUTATION
Tracking activity from attackers around the world allows AlienVault USM to aler...
Security

Asset Discovery

Piece it all
Intelligence
together

Look for strange
Behavioral
activity which could
Monitoring...
UNIFIED SECURITY MANAGEMENT

“Security Intelligence through Integration that we do, NOT you”

USM Platform
•
•
Bundled Pro...
sales@alienvault.com
www.alienvault.com
30-Day Free Trial
(Fully featured)
VIEW ON DEMAND
To watch a recorded version
of this webcast on demand.
Click Here
Upcoming SlideShare
Loading in …5
×

Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault

1,012 views
852 views

Published on

Detect Brute Force Attacks & APTs in less than 1 hour with AlienVault.
In this session, our SIEM deployment expert will show you how to quickly and easily:

*Detect brute force attacks with correlation of both Windows & Linux logs
*Detect APTs and zero-day attacks
*Expose network scans or worm behavior with firewall log correlation
*Identify and prioritize vulnerabilities on affected assets
*Customize alerts and reports for PCI, HIPAA and ISO

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,012
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • \
  • Who do we sell toHow to find themHow to engageEmphasis on categories in which we play (e.g. IDS, Vuln Assessment, Asset Discovery...)Quick market/vendor overview of these categories (high level competitive)
  • Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
  • Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
  • Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
  • Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
  • Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
  • Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
  • So how do we do this ? We’ve pieced together all of the necessary security tools to feed the correlation engine, provide meaningful data, and manage entire networks from a single-pane-of-glass. -The essential elements of a SIEM are the ability to capture events and pull these into an engine that can parson, normalize, correlate, and log them.-What most folks in the security world will tell you is that in order to have a battle tested security solution – you need to extend the capabilities of that SIEM to take other information than just the logs. And we’ve done just that.-First, we realize folks need to know what assets are on their system to protect. We do that by building in Asset Discovery Tools, where we can automatically populate a database of assets on your network by scanning both passively and actively, identifying hosts and installed software packages.-Once we’ve identified what’s on your networks at all times, we’ve built in the ability to find out where your system might be vulnerable. Vulnerability assessment tools allow us to cross correlate vulnerability information with up to date detection rules to identify the weaknesses that hackers exploit. -On top of that, our built in Threat detection tools are actively searching for breaching attempts. Our aim is to cover all of your bases to include Host based IDS, Network IDS, File Integrity Monitoring and even Wireless IDS. -The 4th piece is behavioral monitoring. Security teams need to track user behavior that will give you the coverage you need for unknown threats – typically exemplified by strange or anomalous network or system behavior – this includes netflow analysis, service availability and of course log collection and analysis for in-depth forensic investigations.-Finally, aggregatiing these security controls altogether for correlation and analysis provides the intelligence you need in order to stay ahead of the bad guys and be pro-active instead of reactive in your security approach.
  • In fact, AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response.
  • As you know, it’s never easy to fight for budget, especially when that budget is shrinking. We hear from many customers who say that they’re looking to achieve more with less – less people, less time, less budget. The respondents in our survey echoed this refrain. Thanks to AlienVault, they’re getting a better handle on their environment, our solution was easy to deploy and more than half agreed that they’re now able to do more with less.
  • Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault

    1. 1. “LIVE” PRODUCT DEMO: HOW TO DETECT BRUTE FORCE ATTACKS AND APTS IN UNDER 1 HOUR W ITH ALIE NVAULT ™ Anthony Mack, Systems Engineer Payman Faed, Account Executive
    2. 2. AGENDA Todays Threat Landscape: Realities & Implications Advanced Persistent Threat
• What is it and who is at risk? Threat detection through correlation of NIDS, HIDS and IP Reputation USM at a glance Live Demo of USM
• Data collection and correlation from a Network IDS to detect malicious code
• Detection of brute force attack leveraging OSSEC HIDS agent
    3. 3. THREAT LANDSCAPE: OUR NEW REALITY More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons. The number of organizations experiencing high profile breaches is unprecedented ~ SMB increasingly become the target. In 2012 (and we expect this to rise in 2013 and into 2014), 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them.
    4. 4. THREAT LANDSCAPE: ADVANCED PERSISTENT THREAT APT operates by quietly planting malicious code into an organization’s network to be used for reconnaissance and extraction of valuable information. Average end users are the most common targets for implanting malicious code through various techniques such as: Social engineering Fishing techniques Zero day vulnerabilities
    5. 5. WHO IS AT RISK: ADVANCED PERSISTENT THREAT Businesses holding a large quantity of personally identifiable information or intellectual property are at high risk of being targeted by advanced persistent threats. Some of the world’s most well known organizations have adopted AlienVault USM to combat this threat.
    6. 6. THE ALIENVAULT USM SOLUTION: NETWORK INTRUSION DETECTION Network IDS is embedded in our platform, giving you the ability to detect network level attacks including identifying network activity originating from malicious code. Network IDS signatures are updated frequently to keep you on the front lines of advanced detection
    7. 7. THE ALIENVAULT USM SOLUTION: HOST INTRUSION DETECTION Monitoring your mission critical servers through host IDS agents allow you to detect an APT attempting to spread out and gather sensitive information. File integrity checking Registry key integrity checking Operating system logging Centralized management
    8. 8. THE ALIENVAULT USM SOLUTION: IP REPUTATION Tracking activity from attackers around the world allows AlienVault USM to alert you when bad actors are accessing your network. Automatically correlates known attackers with detected intrusions and malware activity from both the network and host intrusion detection systems
    9. 9. Security Asset Discovery Piece it all Intelligence together Look for strange Behavioral activity which could Monitoring indicate a threat • • • • Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment Figure out what Asset is valuable Discovery • Network Vulnerability Testing Threat Detection • • • • Network IDS Host IDS Wireless IDS File Integrity Monitoring Behavioral Monitoring Threat Start looking for threats Detection Identify ways the Vulnerability target could be Assessment compromised • Log Collection • Netflow Analysis • Service Availability Monitoring Security Intelligence • SIEM Correlation • Incident Response
    10. 10. UNIFIED SECURITY MANAGEMENT “Security Intelligence through Integration that we do, NOT you” USM Platform • • Bundled Products - 30 Open-Source Security tools to plug the gaps in your existing controls • • USM Framework - Configure, Manage, & Run Security Tools. Visualize output and run reports USM Extension API - Support for inclusion of any other data source into the USM Framework Open Threat Exchange –Provides threat intelligence for collaborative defense
    11. 11. sales@alienvault.com www.alienvault.com 30-Day Free Trial (Fully featured)
    12. 12. VIEW ON DEMAND To watch a recorded version of this webcast on demand. Click Here

    ×